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© Integrated circuit cards. 



© An integrated circuit card includes an internal 
data memory (5) and a central processing unit (4), 
and incorporates at a surface. of the card an auxiliary 
memory (11) having a larger storage capacity than 
that of the internal memory. Access to information in 
the auxiliary memory, by an external card accep- 
tance device (20), is only possible using address 
data stored in the internal memory of the card, and 
supplied to that external card acceptance device 
under the control of the card's central processing 
unit, thereby affording a high degree of security. 
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INTEGRATED CIRCUIT CARDS 



The present invention relates to integrated cir- 
cuit cards (hereinafter referred to as IC cards). 

The convenience of !C cards for multi-purpose 
usage, such as for banking, shopping, and travel 
services, etc.. has encourages a widespread use of 
these cards, which although having different no- 
menclatures, for example, Smart Card or Chip-in 
Card, provide similar facilities. 

As explained in detail hereinafter, one form of 
prior art IC card contains a processor, i.e. a central 
processing unit (CPU) and a memory, both pack- 
aged in a plastic plate as one body. The capacity 
of the memory might typically be 8K bytes, but 
such memory capacity may not be sufficient when 
the facilities provided by the IC card are to be 
expanded. If a large capacity memory is required, 
a laser memory card may be provided separately. 
A laser memory card has a memory which can be 
written and read by laser light. The capacity of the 
laser card can be several million bytes. In the 
known art. however, such a laser card is physically 
and logically separated from the IC card. 

As a result, the laser memory can be used only 
when a special external terminal machine, i.e. a 
special card acceptance means, is available, and 
this, of course, is inconvenient. 

An alternative form of IC card system has been 
considered, having a magnetic stripe thereon, in 
which information recorded on the magnetic stripe 
is read and handled by a processor separate from 
the internal processor of the IC card. In such a 
system, the internal processor only reads and han- 
dles information stored in an internal memory of 
the card. 

In an embodiment of the present invention, the 
IC card is provided with an internal processor 
(CPU) which includes communication means for 
ccr.trciling an external auxiliary memory, provided 
integrally with the body of the IC card, by an 
external card acceptance means. 

An IC card system embodying the present 
invention desirably provides protection against il- 
legal access to information in the external memory, 
and can advantageously provide an IC card system 
in which records relating to past access to informa- 
tion recorded in the external memory (update his- 
tory) can be easily obtained by an authorised user 
after verification. 

Reference will now be made, by way of exam- 
ple, to the accompanying drawings, in which: 

Figure 1 is a perspective view of a conven- 
tional IC card; 

Figure 2 is a schematic diagram of the inter- 
nal construction of an integrated circuit module; 



Figure 3 is a perspective view of an IC card 
of a system embodying the present invention; 

Figure 4 is a schematic diagram of an ar- 
rangement of devices in an IC card of a system 
5 embodying the present invention; 

Figure 5 is a schematic diagram of the gen- 
eral construction of devices mounted on and in an 
IC card for a system embodying the present inven- 
tion; 

to Fig. 6 is a block diagram of an IC card 

system embodying to the present invention; 

Fig. 7 is a block diagram illustrating the 

principles of construction of an IC card for a sytem 

embodying the present invention; 
75 Fig. 8 is a block diagram for clarifying a 

write process performed in the IC card shown in 

Fig. 7; 

Fig. 9 is a block diagram for clarifying a read 
process performed in the IC card shown in Fig. 7; 
20 Figs. 10A and 10B display a general concept 

of a data processing system.including an IC card, 
embodying the present invention; 

Figs. 11 A and 11B are flow charts of a 
process for each command, performed by a CPU 
25 in an IC card of a system embodying the present 
invention; 

Fig. 12 is a detailed flow chart of the process 
"A** shown in Fig. 11 B; 

Fig. 1 3 is a detailed flow chart of the process 
30 **B n shown in Fig. 1 1 B; 

Fig. 14 is a detailed flow chart of the process 
"C" shown in Fig. 11B; 

Fig. 1 5 is a detailed flow chart of the process 
W D" shown in Fig. 11B; 
35 Fig. 16 is a detailed flow chart of the process 

W E H shown in Fig. 11B; 

Fig. 17 is a detailed flow chart of the process 
W F" shown in Fig. 11B; 

Fig. 18 is a detailed flow chart of the process 
40 shown in Fig. 11B; 

Fig. 19 is a detailed flow chart of the process 
"H" shown in Fig. 11B; 

Fig. 20 is a detailed flow chart of the process 
"P shown in Fig. 11B; 
4S Fig. 21 is a detailed flow chart of the process 

"J" shown in Fig. 11B; 

Fig. 22 is a schematic diagram of the gen- 
eral construction of devices mounted in an on an 
IC card, particularly a memory history management 
so part, of a system embodying the present invention; 

Figs. 23A and 23B show a specific arrange- 
ment of the memory history management part 
shown in Fijg. 22; and 
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Figs. 24A and 24B are How chart of read and 
write operations at an external memory (EMEM), 
and show an arrangement of related memories. 

Figure 1 is a perspective view of a conven- 
tional IC card. In Fig. 1 , reference 1 represents an 
IC card. The IC card 1 contains an integrated 
circuit module 2 comprising a processor (CPU) and 
an internal memory (neither of which are shown). 
The CPU and the memory transmit and receive 
data to and from externa! card acceptance means 
via a plurality of contacts 3. Figure 1 shows the 
rear surface of the IC card; the front surface thereof 
has a variety of devices mounted thereon, such as 
a display unit, a ten key unit, and so on. 

Figure 2 is a schematic diagram of an internal 
construction of an integrated circuit module. The 
main components of the integrated circuit module 2 
are the processor (CPU) 4 and the internal memory 
(IMEM) 5. The CPU 4 forms an IC card access 
means 6 and the memory, generally a main mem- 
ory, forms a plurality of format areas 8; these 
format areas 8 also define a file 9. 

The internal memory access means (IMAM) 6 
sets up an operating system and is able to process 
an access of the IC card 1 to the external IC card 
acceptance means.. When the access is directed to 
the file 9 in the memory 5. a search is first made of 
the directory 7, which is a dictionary storing file 
numbers (Nos.). 

in Fig. 2, the memory (IMEM) comprises an IC 
memory, for example, an electronically erasable 
programmable read only memory (EEPROM). The 
capacity of the IC memory might typically be 8 K 
bytes. As previously mentioned, such a memory 
capacity is not sufficient to develop a versatile 
general-purpose IC card, and accordingly, in the 
prior art, a laser memory card may be used an an 
accessory to the IC card. However, it is incon- 
venient to utilize a laser memory card with an IC 
card, despite the very large memory capacity of 
the laser memory card. 

In Figure 3, an IC card of a system embodying 
the present invention is provided with an external 
memory 1 1 mounted on the surface of the body of 
the IC card 20 to form a monolithic structure. The 
external memory 1 1 is adhered to the body of the 
IC card 20. As such, the -external memory 11 is 
physically and logically separated from the inte- 
grated circuit module 12. 

Figure 4 is a schematic diagram of an arrange- 
ment of devices in an IC card of a system embody- 
ing the present invention. The IC card 20 contains 
the processor (CPU) 4 and the internal memory 
(IMEM) 5, i.e. a main memory, both formed as the 
integrated circuit module 12, i.e., an IC chip. The 
contacts (shown by 3 in Fig. 3 but not illustrated in 
Fig. 4) are used for data communication between 



the processor 4. together with the interna! memory 
5, and the external IC card acceptance means. Tne 
external memory (EMEM) 11 does not perform 
data communication via the contacts 3. but com- 
5 municates directly with the external IC card accep- 
tance means, as illustrated by a two-way arrow in 
Fig. 4. Accordingly, only the CPU 4 can manage 
the external memory 11. Note, identical compo- 
nents are represented by the same reference nu- 

io merals or characters throughout the drawings. 

Figure 5 is a schematic diagram of the general 
construction of devices mounted on and in an IC 
card of a system embodying to the present inven- 
tion. The processor (CPU) 4 is usually provided 

75 with a program ROM which creates therein the 
internal memory access means (IMAM) 6 and the 
external memory access means (EMAM) 23 of the 
present invention. Namely, the means (IMAM) 6 
and the means (EMAM) 23 are actually established 

20 as programs. 

The internal memory (IMEM) 5 is preferably a 
non-volatile memory, such as an EEPROM. and 
has a first directory 21 and a second directory 22 
formed therein. The second directory 22 defines 

25 the format areas 8 of the file 9 allotted for the 
internal memory per se (main memory), and thus 
the second directory 22 is substantially the same 
as the directory 7 shown in Fig. 2. The first direc- 
tory 21 . however, defines the format areas 8 of the 

30 file 9 allotted for the external memory 11. The 
format areas 8 and format areas 17 (explained 
below) store user data relating to the IC card own- 
er. 

The external memory 11 is composed of a 

35 password area 17 and the format areas 18 setting 
up a file 1 9. The password in the area 1 7 is used in 
an authentication check of the external memory 1 1 
performed by the internal processor. 

The external memory (EMEM) 11 can have a 

40 memory capacity much larger than that of the 
internal memory (IMEM) 5. and accordingly, the 
external memory 1 1 is may be an optical memory, 
such as laser memory, a CD-ROM and the like, 
which usually have a memory capacity of several 

45 M bytes even though small in size. 

Figure 6 is a block diagram of an IC card 
system embodying the present invention. In Fig; 6, 
the characters "CC" denote a conventional com- 
munication controller, 20 denotes an external IC 

so card acceptance means provided with a conven- 
tional reader-writer for data communication with the 
IC card 10. 24 an access unit for the external 
memory (EMEM) 1 1 via an interface 27, for exam- 
ple, an optical reading and writing device, 26 a 

55 processor containing in particular a terminal 
EMAM, i.e. external memory access means, and 
30 a terminal station, for example a personal com- 
puter 31 handling an application program (APL). 
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in Fig. 6. a first logical system constituted by 
the CPU 4 and the external memory (EMEM) 11 is 
isolated frcm a second logical systemconstituted 
by the CPU 4 and the internal memory (IMEM) 5, 
although the first logical system and the second 
logical system can be logically connected together 
by the external IC card acceptance means 20 via 
the respective interfaces (27 and 3). Namely, only 
data handled by the CPU 4 is sent to the external 
memory (EMEM) 1 1 , and read and write operations 
for the external memory are carried out by using 
only addresses determined by the CPU 4. The 
CPU 4 executes a program related to a device 
EM AM, and the !C card acceptance means (EiAM) 
20, e.g. the reader-writer and reading and writing 
device, communicates with the CPU 4 and the 
EMEM 11. In the EIAM 20. the processor (CPU) 26 
executes a program related to a terminal EMAM. 
The CPU (terminal EMAM) 26 is supplied with a 
command by the aforesaid application program 
(APL). and in accordance with the kind of com- 
mand, the CPU 26 selectively executes an internal 
processing of the terminal EMAM, an access to the 
external memory 1 1 , and an access to the CPU 4 
(device EMAM). and according to the result of this 
internal processing and the result of the access, an 
appropriate response is returned to a personal 
computer 31 (application program). The CPU 4 
(device EMAM). after recognition by the terminal 
EMAM 26 of a command from the application pro- 
gram, is called by the terminal EMAM 26. if re- 
quired by the resultant recognition and the CPU 4 
then executes a command given by the terminal 
EMAM. The result of this command execution is 
returned to the terminal EMAM. 

When using the IC card 10, security must be 
taken into consideration, particular the security of 
data stored in the external memory (EMEM) 11. 
This is because, the contents of the EMEM 1 1 can 
be easily stolen by a third party, since the EMEM 
1 1 is exposed outside the body of the IC card 10. 

Figure 7 is a block diagram showing the princi- 
ples of construction of an IC card of a system 
embodying the invention. The IC card of Fig. 7 is 
designed while taking security into consideration. In 
Fig. 7, the IC card 10 having a security function is 
comprised of the aforesaid external memory 
(EMEM) 11, an address holding means 44 for hold- 
ing addresses of the files 19 stored in the EMEM 
11. a cryptograph management information mem- 
ory means 45 for storing the cryptographic man- 
agement information used for enciphering data and 
for deciphering the ciphered data, a write process- 
ing means 43. a first read processing means 41 
and a second read processing means 42. The 
means 41, 42 and 43 are functions of the CPU 4. 
and the means 44 and 45 are realized by the 
internal memory (IMEM) 5, e.g., a main memory. 



The write processing means 43 is able to start 
operating upon receipt of a write command WC 
and the corresponding write data WD, encipher the 
thus given write data WD with reference to the 

s cryptograph management information, search the 
corresponding address AD of the external memory 
(EMEM) 11 at which the thus enciphered write data 
CWD is to be written by referring to the address 
holding means 44. and to return the enciphered 

to write data CWD and the corresponding address 
AD, as a response. 

The first read processing means 41 is able to 
start operating upon receipt of a first read com- 
mand RC1 and the corresponding file number FN 

rs of the file 19. to search the corresponding read 
address RA specified by the given file number with 
reference to the address holding means 44, and to 
return the read address RA as a response. 

The second read processing means 42 is able 

20 to start operating upon receipt of a second read 
command RC 2 and a ciphered read data CRD. to 
decipher the thus given enciphered read data CRD 
by referring to the cryptographic management in- 
formation, and to return the thus deciphered read 

25 data DRD as a response. 

The address holding means 44 is realized by 
the internal memory, and the address holding 
means specifies a new area in the file 9 with 
reference to a vacant area in the first directory 21. 

30 Note, the means 45 (Fig. 7) has various keys 

and a ciphering algorithm, commonly known as a 
"DES" (Data Encription System proposed by IBM). 

Figure 8 is a block diagram for clarifying a 
write process performed in an IC card of Fig. 7. For 

35 example, when writing data in the external memory 
(EMEM) 11, the following process is carried out: 

(I) the given write command WC and the 
corresponding write data WD are input to the IC 
card 10. 

40 (II) the enciphered write data CWD and the 

corresponding address AD for writing in the exter- 
nal memory (EMEM) 11 are obtained and output 
from the IC card 10, and 

(III) the thus enciphered write data CWD is 

45 written in the EMEM 1 1 . 

Figure 9 is a block diagram for clarifying a read 
process performed in an IC card of Fig. 7. For 
example, when reading data from the external 
so memory (EMEM) 11, the following process is car- 
ried out: 

(I) the given first read command RC1 and 
the corresponding file number FN are input in the 
IC card 10. 

55 (II) the corresponding read address AD for 

the external memory 11 is searched by the ad- 
dress holding means 44 and output from the IC 
card 10. 
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(til) the enciphered read data CRD is ob- 
tained, by using the searched read address AD, 
from the externa! memory 1 1 , 

(IV) the enciphered read data CRD from the 
external memory 11 is given to the IC card 10 
together with a second read command RC2 t and 

(V) a deciphered read data DRD is output 
from the IC card, in response to the second read 
command RC2. 

Figures 10A and 10B display a general con- 
cept of a data processing system including an IC 
card of a system embodying the invention. Fig. 
10A displays the side of the IC card 10 and Fig. 
10B displays the side of the external IC card ac- 
ceptance means 20 together with the terminal sta- 
tion 30. e.g., a personal computer. In Fig. 10A, 
reference numeral 61 denotes a reset processing 
means, 62 a personal identification number (PIN) 
verification processing means, 63 a card authen- 
tication (AC) processing means. 64 a file open 
processing means 65 an E (abbreviation of EMEM 
11) write 1 processing means, 66 an E write 2 
processing means, 67 an E read 1 processing 
means, 68 an E read 2 processing means, and 69 
a file close processing means. Note, in Fig. 10B. C 
and R represent a command block and a response 
block, respectively! 

The internal memory, e.g., a main memory 
(IMEM), 5 holds system directory/system informa- 
tion, PIN management information, card issuer 
identification (ID) management information, card AC 
management information, APL-ID management in- 
formation, system AC management information, 
cryptograph management information, i.e., keys for 
drafting a cryptograph or deciphering the cryp- 
tograph, an EMAM (external memory access 
means) directory, external memory (EMEM) man- 
agement files, and so on. The personal identifica- 
tion number (PIN) is a secret code for confirming 
whether or not the user of the IC card is an entitled 
user. The PIN is registered in the IC card and, 
when the IC card is used, the PIN is checked for 
verification with the secret code input by a user. 
The IC card is not activated until the PIN verifica- 
tion is satisfied, whereby the IC card is able to 
access the system (20, 30). A variety of PIN's 
exist, such as a card manufacturer PIN, a transport 
PIN, card issuer PIN, an own PIN, and so on. The 
card issuer ID management information is. for ex- 
ample, a name of a bank, a bank code, a card 
issuing date, a card issuance number, and so on. 
The authentication code (AC) is composed of data 
or an algorithm, in terms of elements (user, card, 
terminal machine or terminal station, service pro- 
vider and the like) comprising an IC card system, 
used for confirming an authentication between any 
two elements. This data or algorithm is predeter- 



mined between two elements, and thereafter, rr.us; 
be kept secret from other parties. Use of the AC 
enables a prevention of non-authorized use or forg- 
ery of an IC card and tampering with data in the IC 

5 card, and the detection of unauthorized use. forg- 
ery, and tampering with data. The APL-ID is a key 
essential to a business file when accessed by a 
business application program. Namely, a business 
application is made possible by specifying the 

jo APL-ID. to allow access to a required business file 
without referring to a physical address, and so on. 
The cryptograph management information pro- 
duces a cryptograph for deciphering the ciphered 
data stored in the external memory (EMEM) 1 1 and 

T5 a management information of a radix number re- 
quired when a new data is to be stored therein, and 
as materials similar thereto, a file correspondence 
number of the files in the EMEM 1 1. a cryptograph 
for deciphering, data which has been cryptographi- 

20 cally processed, and so on. The EMAM (external 
memory access means) directory is composed of a 
directory for the EMEM 1 1 and a directory for the 
internal memory (IMEM) 5. The directory for the 
EMEM 11 manages file names for managing the 

25 EMEM 11, and file correspondence numbers for 
managing the same. The directory for the IMEM 5 
manages a file correspondence number in the ex- 
ternal memory (EMEM) 11 and addresses in a 
memory, managing attribute information with re- 

30 gard to the files in the EMEM 11. The EMEM 
management serves as an area for managing, in 
the file units, the attribute information for data in 
each file of the EMEM 11. which attribute informa- 
tion is managed by the directory for the IMEM. In 

35 the data area of the files in the external memory 
(EMEM) 1. attribute information is recorded which 
relates to the data in each file of the EMEM 11. 
Further similar contents to be managed exist, such 
as the date of drafting of the related files, renewal 

40 date, and start and end of each physical address 
corresponding to the external memory (EMEM) 1 1 . 

The EMAM (external memory access means) 
23 is provided with the above mentioned process- 
ing means 61 through 69 and others. The reset 

45 processing means 61. (Fig. 10A) starts operating 
upon receipt of a RESET command from the side 
20. 30 (Fig. 10B) and resets the system directory 
and the system information in the internal memory 
(IMEM) 5 (Fig. 10A), and then sends a RESET 

so response to the side 20. 30. The PIN verification 
processing means 62 (Fig. 10A) starts operating 
upon receipt of a PIN verification command accom- 
panied by PIN data and carries out a verification 
process of the PIN data with reference to the PIN 

55 management information (Fig. 10A). and then 
sends a verification result to the side 20, 30. The 
card AC processing means 63 (Fig. 10A) starts 
operating upon receipt of a card AC command and 
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performs a check on the card authentication with 
reference to the card AC management information 
in the internal memory (IMEM) 5 (Fig. 10A). and 
then returns the card AC data to the side 20. 30. 
The file open processing means 64 starts operating 
upon receipt of a file open command and carries 
out a check of an access right with reference to the 
system AC management information in the IMEM 5 
(Fig. 10A), and then sends the result of the related 
file open to the side 20, 30. The E write 1 process- 
ing means 65 starts operating upon receipt of an E 
write 1 command and the corresponding data, enci- 
phers the thus given data, and returns the enci- 
phered data and a write position. The above write 
position is a write position in the external memory 
(EMEM) 11, and is obtained by reference to the 
content of the EMEM management file in the IMEM 
5 (FIG. 10A). The E write 2 processing means 66 
starts operating upon receipt of an E write 2 com- 
mand and resultant information (the result of a write 
operation to the EMEM 11), and writes the result of 
the write operation to the EMEM 1 1 for the EMEM 
management file in the IMEM 5 (Fig. 10A). and 
then sends the result of the related process to the 
side 20. 30. The E read 1 processing means 67 
starts operating upon receipt of the E read 1 com- 
mand and a file name, and searches for a position 
on the external memory (EMAM) 11 in which the 
related file is stored, with reference to the EMEM 
management file, and then sends the result and the 
position to the side 20, 30 (Fig. 10B). The EMAM 
read 2 processing means 68 starts operating upon 
receipt of an E read 2 command and enciphered 
data and carried out a deciphering operation with 
reference to the cryptograph management informa- 
tion in the IMEM 5 (Fig. 10A), and then sends the 
resuit and the deciphered data to the side 20. 30 
(Fig. 10B). The file close processing means 69 
starts cperating upon receipt of a file close com- 
mand and carries out a file close operation, and 
then sends the result to the side 20, 30 (Rg. 1 0B). 

In the terminal side 20 and 30 (Fig. 10B). when 
the IC card 10 is inserted in the reader-writer, 
together with the reading and writing device, the 
terminal, i.e.. th£ external IC card acceptance 
means 20. sends a RESET command to the IC 
card 1 0. Where data is to be written in the external 
memory (EMEM) 11. the means 20 issues a PIN 
verification request, a card AC request, a file open 
request, and a E write 1 request, and thereafter, 
the related write operation to the EMEM 11 is 
performed and the E write 2 request is issued. 
Where data in the EMEM 11 is to be read, the 
means 20 issues an E read 1 request, and there- 
after, the related read operation to the EMEM 1 1 is 
carried out. Then an E read 2 request is issued, 
and when the access to the EMEM 11 is com- 
pleted, a file close request is issued. 



When a PIN verification reauest is issuea. a 
PIN command is sent to the processor (CPU) 4 
forming the processing means 61 through 69: when 
a card AC request is issued, a card AC command 

5 is sent to the CPU 4 in the IC card 10; when a file 
open request is issued, a file open command is 
sent to the CPU 4 in the IC card 10; when an E 
write 1 request is issued, an E write 1 command is 
sent to the CPU 4 in the IC card 10; when an E 

to write 2 request is issued, an E wnte 2 command is 
sent to the CPU 4 in the IC card 10; when an E 
read 1 request is issued, an E read 1 command is 
sent to the CPU 4 in the IC card 10; and when an 
E read 2 request is issued, an E read 2 command 

75 is sent to the CPU 4 in the IC card 10. 

Figures 11A and 11B are flow charts of a 
process for each command, performed by a CPU 
in an IC card of a system embodying the invention. 
An initial process is started ("a") by a power-ON. 

20 and when a command is received ( H b") from a PIN 
PAD (Rg. 10B). a command check is carried out 
( n c n ). If the command code is correct (YES in step 
"d w ), a command parameter check is carried out 
Ce"). The command parameter check determines 

25 whether or not the attribute information conforms 
with the prescribed parameter. If the result at step 
"d" is NO, an error response is edited in step "K" 
in Fig. 11B, and an error response is sent to the 
means 20 ("L" in Rg. 11B). If the result of the 

30 command parameter check is correct (YES in step 
T), a command sequence check is started ("g"). 
If the result at step T is NO, the error response 
edit is carried out. If the resuit of the command 
sequence check is YES ("h"), a command distribu- 

35 tion is started (T). The command sequence check 
is introduced to find contradictions in the command 
sequence; for example, if a file write command 
precedes a file open command, this is a contradic- 
tion, ff the result of the command c sequence 

40 check is NO in step "h", the flow goes to step "K" 
(Rg. 11B). When one of the various processes is 
finished, a response is sent to the means 20 ("L" 
in Fig. 11B). The above mentioned processes are 
performed in steps "A" through "J" in Fig. 11B. 

45 Note, for brevity, in some of these steps the refer* 
ence character "E" represents the "EMEM", i.e.. 
the external memory 11 (Fig. 5 and others). Details 
of these processes will be presented below. 

Rgure 12 is a detailed flow chart of the pro* 

so cess "A" shown in Rg. 11B. In the E OPEN pro- 
cess "A", a double open check is carried out to 
avoid a double occupation of the same file. If the 
result is YES, an open finished memo (flag) is 
made ON (hoist), and a normal response is edited. 

55 In the result is NO. an error response is edited. 

Rgure 13 is a detailed flow chart of the pro- 
cess "B" .shown in Rg. 11B. In the E CLOSE 
process "B", a double close check is carried out 
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for a similar reason as for the double open check, 
and if the result is YES or NO, a normal or an error 
response is edited accordingly. 

Figure 14 is a detailed flow chart of the pro- 
cess ff C" shown in Fig. 1 1B. In the E WRITE 1 
process "C", it is determined whether or not the 
related data is open. If the result is YES. a data title 
check is carried out to determine whether or not 
the related data has a right to access the file. If the 
result is YES. the corresponding address is found, 
and edited. Further, the corresponding key is 
found, and using the key. the write data is enci- 
phered, and then edited. Finally, the related edition 
of the response is performed. If the result of the 
step (OPEN FINISHED CHECK) is NO, the related 
edition of the response is performed. This also 
applies when the result of the data title check is 
NO. 

Figure 15 is a detailed flow chart of the pro- 
cess "D tt shown in Fig. 11B. In the E WRITE 2 
process, an E write finished check is carried out. 
Namely, it is determined whether or not the pre- 
ceding E write 1 process was completed without 
error. If the result is YES. the resultant information 
is checked. The resultant information indicates, for 
example, whether or not an overwrite has occurred 
in the external memory (EM EM). If the result of the 
check is NO, the error response is edited. If the 
check of the resultant information indicates a nor- 
mal result, then a normal completion of the write 
process is recorded (memo). If the check indicates 
an abnormal result, then an abnormal completion of 
the write process is recorded (memo). The normal 
response is then edited, wherein the term "normal" 
means that the flow per se was completed normally 
and is not concerned with the above mentioned 
abnormal completion of the write process. 

Figure 16 is a detailed flow chart of the pro- 
cess "E n shown in Fig. 1 1 B. In the E READ 1 
process, the open finish check is carried out as in 
the flow of Fig. 14. If the result of the check is YES. 
a data title check is started, as in the flow of Fig. 
14. If the result of the check is YES. the cor- 
responding address is found by the address hold- 
ing means (shown by 44 in Fig. 7), as in the flow of 
Fig. 14, and then edited. The remaining steps are 
similar to those explained before. 

Figure 17 is a detailed flow chart of the pro- 
cess n F" shown in Fig. 11B. In the E READ 2 
process, the E read 1 finished check is carried out 
in the same as the corresponding step in Fig. 15. If 
the result is YES, the corresponding cipher key is 
found, and using the key, the read data is de- 
ciphered to edit the read data. The remaining steps 
are similar to those explained before. 

Figure 18 is a detailed flow chart of the pro- 
cess "G" shown in Fig. 11B. In the E DELETE 
process, an open finished check is carried out, and 



if the result of the check is YES. a data title cnecx 
is carried out. Namely, if the result cf this checK is 
YES. the corresponding address is found and ec- 
ited to delete the content of the directory (shown 

5 by 21 in Fig. 5). The remaining steps are similar to 
those explained before. 

Figure 9 is a detailed flow chart of the process 
B H n shown in Fig. 11B. In the VERIFY PIN process, 
an authentication check for an input PIN data is 

to carried out. The remaining steps are similar to 
those explained before. 

Figure 20 is a detailed flow chart of the pro- 
cess T shown in Figure 11B. In the CREATE E 
FILE process, a validity check for the system in- 

;s formation directory is carried out. and if the result 
of the check is YES. then a validity of the CREATE 
is checked. Namely, if the result of this check is 
YES. a file registration is carried out The remain- 
ing steps are the same as described previously. 

20 The vality of the CREATE is checked to confirm 
whether the file is created as required. If the result 
of the vality check is YES. the registration of the 
file to be created is carried out. The remaining 
steps are similar to those explained before. 

25 Figure 21 is a detailed flow chart of the pro- 

cess "J" shown in Fig. 11B. In the CREATE E DIR 
process, the directory for the newly introduced file 
is created. Namely, first double registration is 
checked to avoid a registration conflict If the result 

30 of the check is YES, then it is determined whether 
or not a sufficient directory area exists. If the result 
of the check is YES. a registration to the directory 
is carried out. The remaining steps are similar to 
those explained before. 

35 As understood from the above description, the 

IC card 10 is provided, as one body with the 
external memory (EMEM) 11. which has a very 
large memory capacity, and therefore, it is possible 
to store a vast amount of information, for example, 

40 video information. Specifically, it is possible to 
record, for example, a photograph of the user's 
face, user'a voice, user's signature, user's finger- 
prints, and so on. Of course, it is also possible to 
store information which overflows the internal mem- 

45 ory (IMEM) 5 having a small memory capacity. In 
this case, the date must be recorded simultaneous- 
ly, since such information, for example, a photo- 
graph of the user's face, will not represent the 
user's face after an elapse of time. Accordingly, the 

so date of the record is also important for, for exam- 
ple, a driving licence, a passport, and the tike. 

According to an embodiment of the present 
invention, a memory history management area can 
be created. The memory history management area 

55 manages information to be stored in the external 
memory (EMEM) 11, such as a photograph of the 
user's face and so on. as mentioned above. 

Figure 22 is a schematic diagram of the gen- 
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eral construction of devices mounted in and on an 

10 card, in particular a memory history manage- 
ment part according to an embodiment of the in- 
vention. As is dear, the arrangement of Fig. 22 is a 
modification of the arrangement shown in Fig. 5, 
explained previously. The history management part 
70 is composed of at least a memory history 
directory 71 formed in the first directory 21 (Fig. 
5). The memory history directory 71 preferably 
cooperates with a history record area 72 formed in 
the second files, i.e.. the file 9 (Fig. 5). The history 
directory 71 and the record area 72 are controlled 
by the processor. (CPU) 4, in particular the external 
memory access means (EMAM) 23. 

Figures 23A and 23B show a specific arrange- 
ment of a memory history management part shown 
in Rg. 22. The data files in the external. memory 
may be used with a regulated format as shown by 

11 in Fig. 23B or a free format a shown by 11 . In 
the external memory (EMEM) 11 ' (left side in Fig. 
236) is regulated with a plurality of blocks, such as 
B- , B 2 - B n . In the example, block Bi is allotted 
to the photograph data, B2 to the voice data, Ba to 
the fingerprint data, B* to the signature data, and 
B= to the overflow data from the internal memory 
(IMEM) 5. Each of the blocks B^ through B n is 
composed of a plurality of sections Si through S m . 

On the other hand, as shown in Fig. 23A, the 
internal memory (IMEM) 5 contains therein the 
memory history directory 71 and the history record 
area 72. as the memory history management part 
70 (Fig. 22). The memory history directory 71 
indicates physical addresses on the external mem- 
ory (EMEM) 11. The history record area 72 is 
divided with a plurality of rows, and each row is 
predefined by both block numbers B- , B2 — B n 
and section numbers Si , S2 — S m . Therefore, 
each time a write operation to the blocks B1 
through B n of Fig. 23B is carried out, the date on 
which the related write operation was made is 
recorded in the corresponding row of the history 
record area 72. (Fig. 23A). 

Figures 24A and 24B are a flow chart of the 
read and write operations to an external memory 
(EMEM), and also depict an arrangement of the 
related memories. The content of Fig. 24A is sub- 
stantially the same as the content shown in Figs. 
23A and 23B. The processing flow of Rg. 24B is 
programmed in the external memory access means 
(EMAM) 23 in Rg. 23A and the program is ex- 
ecuted by the external IC card acceptance means 
20 (terminal machine) and, if necessary, the termi- 
nal station 30. The communication is handled by 
the reader-writer and the reading and writing de- 
vice. . 

When a read command and the corresponding 
logical address are sent from the acceptance 
means 20. a read operation is started by the pro- 



cessor (CPU) 4 in the IC card 10 (refer to "a ff in 
Fig. 24B). This command is a request to scan the 
history, and thus a corresponding search in the 
history directory 71 is carried out ("b") and the 

5 physical address corresponding to the searched 
logical address is found. Using the found physical 
address, data is read from the EMEM 11 by the 
acceptance means 20 ("c"). and thereafter, the 
date on which the related read operation was car- 

70 ried out is written in the history directory 71 by the 
CPU 4 ("d"). The thus read data is sent to a 
demander of the related read request, e.g., the 
terminal station 30, by the acceptance means 20 
Ce"). 

is When a write command, the corresponding 

physical address, and the corresponding write data 
are received by the CPU 4 CD, the CPU 4 (Rg. 
23A) carries out a search of the history directory 71 
using the given logical address, to find the cor- 

20 responding physical address Cg"). Based on the 
found physical address, the related write operation 
is carried out by the acceptance means 20 ("h"), 
and thereafter, the date on which the write opera- 
tion was carried out is recorded by the CPU 4 ("i"). 

25 The result of the write operation is sent to the 
demander of the relate write request, e.g., the 
terminal station 30, by the acceptance means 20 
("J"). 

As explained above in detail, an IC card of a 
30 system embodying the invention can handle a vast 
amount of data compared to the conventional IC 
card 1. Although the external memory (EMEM) is 
exposed outside the body of the IC card, security 
for the data stored therein can be assured because 
35 the EMEM is governed by the internal CPU alone. 



Claims 

40 1. An integrated circuit card incorporating an 

internal data memory (5) and a central processing 
unit (4) in communication with the internal memory 
for processing data in that memory, characterised 
in that the card also incorporates an auxiliary mem* 

45 ory (1 1 ) provided at an external surface of the card, 
there being no data pathway within the card for the 
direct passage of data therein between on the one 
hand the said auxiliary memory and on the other 
hand the said central processing unit and internal 

so memory. 

2. An integrated circuit card as claimed in 
claim 1 , wherein the said internal memory (5) con- 
tains address data necessary to enable an external 
card acceptance device (20), when the card is 

55 positioned in a predetermined working relationship 
therewith, to access data in the said auxiliary mem- 
ory (11). 
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3. An integrated circuit card as claimed in 
claim 1, in combination with an external card ac- 
ceptance device (20). operative on the basis of 
address data read by the device from the said 
internal memory (5) to access data in the said 
auxiliary memory (1 1 ). 

4. An IC card comprising: 

a processor contained therein and communicating 
with an external IC card acceptance means; 
an internal memory" contained therein and coop- 
erating with the processor and forming data files; 
an external memory mounted on a surface of a 
body of the IC card as one body; and 
an external memory access means, other than an 
inherent internal memory access means, formed by 
said processor, which external memory access 
means alone can access said external memory by 
way of said external IC card acceptance means. 

An IC card as set forth in claim 4, wherein said 
external memory access means is established by a 
program and said internal memory access means 
is also established by a program, and both pro- 
grams are stored in a program ROM generally 
provided by said processor in the IC card. 

6. An IC card as set forth in claim 5, wherein 
said internal memory is composed of first files 
allotted to said external memory and second files 
allotted to said internal memory, and the internal 
memory further includes a first directory for defin- 
ing said first files and a second directory for defin- 
ing said second flies. 

7. An IC card as set forth in claim 4, wherein 
said external memory has a larger memory capac- 
ity than that of said internal memory. 

8. An IC card as set forth in claim 7, wherein 
said external memory is composed of an optical 
memory such as a laser memory and a CD-ROM. 

9. An IC card as set forth in claim 6. wherein a 
first logical system constructed by both said pro- 
cessor and said external memory is isolated from a 
second logical system constructed by both said 
processor and said internal memory. 

10. An IC card as set forth in claim 9, wherein 
said first logical system and said second logical 
system are isolated from each other, but can be 
logically connected by way of said external IC card 
acceptance means. 

11 . An IC card* as set forth in claim 1 0, wherein 
only data managed by said processor is sent to 
said external memory. 

12. An IC card as set forth in claim 11, wherein 
read and write operations for said external memory 
are carried out by using only addresses handled by 
said processor. 

13. An IC card as set forth in claim 6. wherein 
said first files and said second files store user data 
related to an IC card owner. 



14. An IC card as set forth in claim 13. wherein 
said first files further contains a password area 
used for an authentication check of said external 
memory by the own processor. 

s 15. An IC card as set forth in claim 12. wherein 

an address holding means is employed and re- 
alized by the said internal memory and the address 
holding means specifies a new area in said second 
file with reference to a vacant area in said first 

w directory. 

16. An IC card as set forth in claim 15, wherein 
a cryptograph management information memory 
means is further employed and realized by said 
internal memory, and operates to encipher and 

75 decipher data to be communicated between said 
processor and said external memory. 

17. An IC card as set forth in claim 16, wherein 
said IC card acceptance means is provided with a 
reader-writer for contact with both said processor 

20 and said internal memory and is provided with a 
reading and writing device for contact with said 
external memory. 

18. An IC card as set forth in claim 17, wherein 
said IC card 10 having a security function and 

25 composed of said external memory, said address 
holding means for holding addresses of the files 
stored in the external memory, said cryptograph 
management information memory means for stor- 
ing the cryptograph management information used 

30 for ciphering data and for deciphering the ciphered 
data, a write processing means, a first read pro* 
cessing means and a second read processing 
means. 

said write processing means starting operation 

35 upon receipt of a write command and the cor- 
responding write data, enciphering the received 
write data with reference to the said cryptographic 
management information, searching the corre- 
sponding address of said external memory at 

40 which the enciphered write data is to be written 
with reference to said address holding means, and 
sending the enciphered write data and the cor- 
responding address, as a response, 
said first read processing means starting operation 

45 upon receipt of a first read command and a cor- 
responding file number of said file in the external 
memory, searching the corresponding read ad- 
dress specified by the given file number with refer- 
ence to said address holding means and sending 

so the read address as a response, 

said second read processing means starting opera- 
tion upon receipt of a second read command and 
enciphered read data, deciphering the received en- 
ciphered read data with reference to said cryp- 

55 tographic management information, and sending 
the deciphered read data as a response. 
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19 . An IC card as set forth in claim 18 . 
wherein said external IC card acceptance means 
cooperates, when said processor is to perform a 
write operation, with said IC card, so that 

(I) a given write command and correspond- 
ing write data are input to the IC card, 

(II) enciphered write data and the corre- 
sponding address for writing in the external mem- 
ory are obtained and output from the IC card, and 

(III) the thus enciphered write data is written 
in the external memory. 

An IC card as set forth in claim 18, wherein said 
external IC card acceptance means cooperates, 
when said processor is to perform a read opera- 
tion, with said IC card, so that 

(I) a given first read command and cor- 
responding file number are input to the IC card, 

(II) the corresponding read address for said 
external memory is searched by said address hold- 
ing means and output from ther IC card, 

(III) enciphered read data is obtained, by 
using the read address searched from the external 
memory, 

(IV) the enciphered read data from the exter- 
nal memory is sent to the IC card together with a 
second read command, and 

(V) deciphered read data is output from the 
IC card in response to the second read command. 

21 . An IC card as set forth in claim 6, wherein 
a memory history management part is further intro- 
duced into said internal memory, which memory 
history management area manages information to 
be stored in said external memory. 

22. An IC card as set forth in claim 21 , wherein 
said memory history management part is com- 
posed of. at least, a memory history directory 
formed in said first directory of said internal mem- 
cry. 

23. An IC card as set forth in claim 22, wherein 
a history record area is formed in said first files, 
which history record area cooperates with said 
memory history directory, both the memory history 
directory and the history record area being con- 
trolled by said processor. 

24. An IC card as set forth in claim6 , wherein 
said internal memory is composed of a non-volatile 
memory, such as an electronically erasable prog- 
rammable read only memory (EEPROM). 

An IC card as set forth in claim 23, wherein a 
first logical system constructed by both said pro- 
cessor and said external memory is isolated from a 
second logical system constructed by both said 
processor and said internal memory including said 
memory history management part 



26. An IC card as set forth in claim 25. wherein 
said first logical system and said second logical 
system are isolated from each other, but can be 
logically connected by way of said external IC card 

5 acceptance means. 

27. An IC card as set forth in claim 26, wherein 
only data managed by said processor is sent to 
said external memory. 

28. An IC card as set forth in claim 27. wherein 
ro said history record area records at least a date on 

which a read or write operation was carried out 
from or to said external memory. 

29. An IC card as set forth in claim 28. wherein 
said memory history directory holds an index of 

75 each history data in said history record area and 
the corresponding write data in said external mem- 
ory. 

30. An IC card as set forth in claim 29, wherein 
said write data to be indexed by said memory 

20 history directory is data such as a photograph of a 
face, a voice, a fingerprint, and a signature of the 
IC card user, and data which overflows from said 
internal memory due to a lack of a memory capac- 
ity thereof. 

25 . 
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